Overview
overview
10Static
static
3bootstrapp...er.exe
windows7-x64
7bootstrapp...er.exe
windows10-2004-x64
10bootstrapp...m.html
windows7-x64
3bootstrapp...m.html
windows10-2004-x64
8bootstrapp...47.dll
windows10-2004-x64
8bootstrapp...eg.dll
windows7-x64
7bootstrapp...eg.dll
windows10-2004-x64
10bootstrapp...GL.dll
windows7-x64
1bootstrapp...GL.dll
windows10-2004-x64
8bootstrapp...v2.dll
windows7-x64
1bootstrapp...v2.dll
windows10-2004-x64
8bootstrapp...ip.dll
windows7-x64
7bootstrapp...ip.dll
windows10-2004-x64
8bootstrapp...32.dll
windows7-x64
3bootstrapp...32.dll
windows10-2004-x64
8bootstrapp...7z.dll
windows7-x64
1bootstrapp...7z.dll
windows10-2004-x64
1bootstrapp...7z.exe
windows7-x64
3bootstrapp...7z.exe
windows10-2004-x64
8bootstrapp...on.exe
windows7-x64
3bootstrapp...on.exe
windows10-2004-x64
8bootstrapp...dex.js
windows7-x64
3bootstrapp...dex.js
windows10-2004-x64
3bootstrapp...GL.dll
windows7-x64
1bootstrapp...GL.dll
windows10-2004-x64
8bootstrapp...v2.dll
windows7-x64
1bootstrapp...v2.dll
windows10-2004-x64
8bootstrapp...11.dll
windows7-x64
1bootstrapp...11.dll
windows10-2004-x64
1bootstrapp...er.dll
windows7-x64
1bootstrapp...er.dll
windows10-2004-x64
8bootstrapp...-1.dll
windows7-x64
1Analysis
-
max time kernel
10s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
10-02-2025 20:39
Static task
static1
Behavioral task
behavioral1
Sample
bootstrapper/Bootstrapper.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
bootstrapper/Bootstrapper.exe
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
bootstrapper/LICENSES.chromium.html
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral4
Sample
bootstrapper/LICENSES.chromium.html
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
bootstrapper/d3dcompiler_47.dll
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
bootstrapper/ffmpeg.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral7
Sample
bootstrapper/ffmpeg.dll
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
bootstrapper/libEGL.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral9
Sample
bootstrapper/libEGL.dll
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
bootstrapper/libGLESv2.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral11
Sample
bootstrapper/libGLESv2.dll
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/7zip-lite/7-zip.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral13
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/7zip-lite/7-zip.dll
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/7zip-lite/7-zip32.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral15
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/7zip-lite/7-zip32.dll
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/7zip-lite/7z.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral17
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/7zip-lite/7z.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/7zip-lite/7z.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral19
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/7zip-lite/7z.exe
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/7zip-lite/7zCon.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral21
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/7zip-lite/7zCon.exe
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/index.js
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral23
Sample
bootstrapper/resources/app.asar.unpacked/node_modules/7zip/index.js
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
bootstrapper/swiftshader/libEGL.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral25
Sample
bootstrapper/swiftshader/libEGL.dll
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
bootstrapper/swiftshader/libGLESv2.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral27
Sample
bootstrapper/swiftshader/libGLESv2.dll
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
bootstrapper/vcruntime211.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral29
Sample
bootstrapper/vcruntime211.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
bootstrapper/vk_swiftshader.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral31
Sample
bootstrapper/vk_swiftshader.dll
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
bootstrapper/vulkan-1.dll
Resource
win7-20241010-en
windows7-x64
General
-
Target
bootstrapper/ffmpeg.dll
-
Size
3.8MB
-
MD5
bf759c99c1f327c821fcf193239bed34
-
SHA1
e541b6baaa86f9eec7eb296985d367f1d61ff13a
-
SHA256
183cd7011c36648ee6dffda0e4bb8042d5ad5db69c1c69a016dcd6412be3e8fb
-
SHA512
f061920dc2ff2c17dfc023e90c88dca45fe76bfdba6d3bea5a7406dd4ee7ba84b9b1ce4c13afc8e344b4f0cfcab62ad5e9980d07f95769a97d169900fbf56650
-
SSDEEP
49152:sn/DoMHCR/shZ6NecOjg7J8hoREUq3mdNJHKikD+o+1HuhoH5HDDEDMZAYXRfGeo:SCDouex
Malware Config
Signatures
-
Uses the VBS compiler for execution 1 TTPs
-
Runs regedit.exe 1 IoCs
pid Process 2768 regedit.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2248 wrote to memory of 3008 2248 rundll32.exe 31 PID 2248 wrote to memory of 3008 2248 rundll32.exe 31 PID 2248 wrote to memory of 3008 2248 rundll32.exe 31 PID 2248 wrote to memory of 3008 2248 rundll32.exe 31 PID 2248 wrote to memory of 3008 2248 rundll32.exe 31 PID 2248 wrote to memory of 3008 2248 rundll32.exe 31 PID 2248 wrote to memory of 3064 2248 rundll32.exe 32 PID 2248 wrote to memory of 3064 2248 rundll32.exe 32 PID 2248 wrote to memory of 3064 2248 rundll32.exe 32 PID 2248 wrote to memory of 3064 2248 rundll32.exe 32 PID 2248 wrote to memory of 2268 2248 rundll32.exe 33 PID 2248 wrote to memory of 2268 2248 rundll32.exe 33 PID 2248 wrote to memory of 2268 2248 rundll32.exe 33 PID 2248 wrote to memory of 2268 2248 rundll32.exe 33 PID 2248 wrote to memory of 2268 2248 rundll32.exe 33 PID 2248 wrote to memory of 2268 2248 rundll32.exe 33 PID 2248 wrote to memory of 2952 2248 rundll32.exe 34 PID 2248 wrote to memory of 2952 2248 rundll32.exe 34 PID 2248 wrote to memory of 2952 2248 rundll32.exe 34 PID 2248 wrote to memory of 2952 2248 rundll32.exe 34 PID 2248 wrote to memory of 2952 2248 rundll32.exe 34 PID 2248 wrote to memory of 2952 2248 rundll32.exe 34 PID 2248 wrote to memory of 3048 2248 rundll32.exe 35 PID 2248 wrote to memory of 3048 2248 rundll32.exe 35 PID 2248 wrote to memory of 3048 2248 rundll32.exe 35 PID 2248 wrote to memory of 3048 2248 rundll32.exe 35 PID 2248 wrote to memory of 3048 2248 rundll32.exe 35 PID 2248 wrote to memory of 3048 2248 rundll32.exe 35 PID 2248 wrote to memory of 2468 2248 rundll32.exe 36 PID 2248 wrote to memory of 2468 2248 rundll32.exe 36 PID 2248 wrote to memory of 2468 2248 rundll32.exe 36 PID 2248 wrote to memory of 2468 2248 rundll32.exe 36 PID 2248 wrote to memory of 2468 2248 rundll32.exe 36 PID 2248 wrote to memory of 2736 2248 rundll32.exe 37 PID 2248 wrote to memory of 2736 2248 rundll32.exe 37 PID 2248 wrote to memory of 2736 2248 rundll32.exe 37 PID 2248 wrote to memory of 2736 2248 rundll32.exe 37 PID 2248 wrote to memory of 2736 2248 rundll32.exe 37 PID 2248 wrote to memory of 2816 2248 rundll32.exe 38 PID 2248 wrote to memory of 2816 2248 rundll32.exe 38 PID 2248 wrote to memory of 2816 2248 rundll32.exe 38 PID 2248 wrote to memory of 2816 2248 rundll32.exe 38 PID 2248 wrote to memory of 2816 2248 rundll32.exe 38 PID 2248 wrote to memory of 2980 2248 rundll32.exe 39 PID 2248 wrote to memory of 2980 2248 rundll32.exe 39 PID 2248 wrote to memory of 2980 2248 rundll32.exe 39 PID 2248 wrote to memory of 2980 2248 rundll32.exe 39 PID 2248 wrote to memory of 2980 2248 rundll32.exe 39 PID 2248 wrote to memory of 2732 2248 rundll32.exe 40 PID 2248 wrote to memory of 2732 2248 rundll32.exe 40 PID 2248 wrote to memory of 2732 2248 rundll32.exe 40 PID 2248 wrote to memory of 2732 2248 rundll32.exe 40 PID 2248 wrote to memory of 2732 2248 rundll32.exe 40 PID 2248 wrote to memory of 2732 2248 rundll32.exe 40 PID 2248 wrote to memory of 2284 2248 rundll32.exe 41 PID 2248 wrote to memory of 2284 2248 rundll32.exe 41 PID 2248 wrote to memory of 2284 2248 rundll32.exe 41 PID 2248 wrote to memory of 2284 2248 rundll32.exe 41 PID 2248 wrote to memory of 2284 2248 rundll32.exe 41 PID 2248 wrote to memory of 2284 2248 rundll32.exe 41 PID 2248 wrote to memory of 2768 2248 rundll32.exe 42 PID 2248 wrote to memory of 2768 2248 rundll32.exe 42 PID 2248 wrote to memory of 2768 2248 rundll32.exe 42 PID 2248 wrote to memory of 2768 2248 rundll32.exe 42
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bootstrapper\ffmpeg.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2248 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"2⤵PID:3008
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"2⤵PID:3064
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"2⤵PID:2268
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"2⤵PID:2952
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"2⤵PID:3048
-
-
C:\Windows\System32\calc.exe"C:\Windows\System32\calc.exe"2⤵PID:2468
-
-
C:\Windows\System32\svchost.exe"C:\Windows\System32\svchost.exe"2⤵PID:2736
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"2⤵PID:2816
-
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe"2⤵PID:2980
-
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"2⤵PID:2732
-
-
C:\Program Files (x86)\Windows Mail\wab.exe"C:\Program Files (x86)\Windows Mail\wab.exe"2⤵PID:2284
-
-
C:\Windows\regedit.exe"C:\Windows\regedit.exe"2⤵
- Runs regedit.exe
PID:2768
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe"2⤵PID:2916
-